Secure authentication of a user using a mobile device
First Claim
1. A non-transitory computer-readable medium embodying a computer program for authenticating a user based on a mobile device by a server data processing system, the computer program comprising computer-readable program code for:
generating, by the server data processing system, a first message including a first session identifier uniquely identifying a session established between the server data processing system and a user data processing system, the user data processing system including a physical interface, the user data processing system separate from the mobile device;
sending the first message to the user data processing system for delivery to the mobile device through the physical interface of the user data processing system;
in a first authentication mode, authenticating, by the server data processing system, the user for the session based on receiving a response message including a second session identifier, a user identifier, and a digital signature based on a private key of the mobile device associated with the user, the response message being received through an interface that is separate from the user data processing system;
matching the first session identifier and the second session identifier; and
identifying that the response message includes the digital signature based on the private key of the mobile device; and
in a second authentication mode that is different than the first authentication mode, authenticating, by the server data processing system, the user for the session based on receiving, from the user data processing system through the session, an authentication code generated by the mobile device.
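The first claim describes two ways a server can bind a session to a user via a phone: in the first mode the phone reads the session identifier through the user device's physical interface, signs it together with a user identifier using its private key, and returns that over a channel separate from the user device, and the server first matches the session identifiers and then checks the signature; in the second mode the phone shows a code that the user types into the session. The Go program below is an added example, not code from the patent or its assignee, that simulates both parties in one process. Everything the claims leave open is an assumption of this example: Ed25519 as the signature scheme, an HMAC over the session identifier under an enrolled shared secret as the way the mode 2 code is generated, the user identifier being typed in alongside that code, an out-of-band enrollment step that gives the server the device's public key and secret, and the physical interface (for instance a displayed QR code) being modelled by simply passing the identifier string to the device.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

type Server struct { // the claims' "server data processing system"
	Sessions map[string]string             // session id -> authenticated user id ("" while pending)
	PubKeys  map[string]ed25519.PublicKey // user id -> enrolled device public key (mode 1)
	Secrets  map[string][]byte            // user id -> enrolled shared secret (mode 2, assumed)
}

func NewServer() *Server { return &Server{map[string]string{}, map[string]ed25519.PublicKey{}, map[string][]byte{}} }

// randomBytes panics if the system CSPRNG fails; nothing below should run without it.
func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// NewSession builds the "first message": a fresh, unguessable session id that the user data processing system shows through its physical interface (e.g. a QR code).
func (s *Server) NewSession() string {
	id := fmt.Sprintf("%x", randomBytes(16))
	s.Sessions[id] = ""
	return id
}

type ResponseMessage struct { // mode 1 message, sent over the channel separate from the user data processing system
	SessionID, UserID string
	Signature         []byte
}

// signedPayload fixes the bytes the signature covers; length prefixes stop the two fields from being re-split into a different (session id, user id) pair.
func signedPayload(sessionID, userID string) []byte {
	return []byte(fmt.Sprintf("%d:%s|%d:%s", len(sessionID), sessionID, len(userID), userID))
}

// AuthenticateMode1 first matches the returned session id against an open session, then verifies the signature with the key enrolled for the claimed user id.
func (s *Server) AuthenticateMode1(msg ResponseMessage) error {
	pub, ok := s.PubKeys[msg.UserID]
	if _, open := s.Sessions[msg.SessionID]; !open {
		return fmt.Errorf("session id %q matches no open session", msg.SessionID)
	} else if !ok || !ed25519.Verify(pub, signedPayload(msg.SessionID, msg.UserID), msg.Signature) {
		return fmt.Errorf("signature was not made by the device enrolled for %q", msg.UserID)
	}
	s.Sessions[msg.SessionID] = msg.UserID
	return nil
}

// authCode derives the mode 2 code; the claims do not fix the construction, so an HMAC of the session id under an enrolled secret is this example's assumption.
func authCode(secret []byte, sessionID string) string {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(sessionID))
	return fmt.Sprintf("%06d", binary.BigEndian.Uint32(mac.Sum(nil)[:4])%1000000)
}

// AuthenticateMode2 takes the code typed into the user data processing system and received through the session; the user id is assumed to be entered with it.
func (s *Server) AuthenticateMode2(sessionID, userID, code string) error {
	secret, ok := s.Secrets[userID]
	if _, open := s.Sessions[sessionID]; !open || !ok || !hmac.Equal([]byte(authCode(secret, sessionID)), []byte(code)) {
		return fmt.Errorf("authentication code rejected for session %q", sessionID)
	}
	s.Sessions[sessionID] = userID
	return nil
}

type MobileDevice struct { // the user's phone: holds the signing key and the shared secret
	UserID string
	Pub    ed25519.PublicKey
	Secret []byte
	priv   ed25519.PrivateKey
}

func NewMobileDevice(userID string) *MobileDevice {
	priv := ed25519.NewKeyFromSeed(randomBytes(ed25519.SeedSize))
	return &MobileDevice{userID, priv.Public().(ed25519.PublicKey), randomBytes(32), priv}
}

// Respond is mode 1: the device read the session id through the physical interface and signs it with its user id for the separate channel.
func (m *MobileDevice) Respond(sessionID string) ResponseMessage {
	return ResponseMessage{sessionID, m.UserID, ed25519.Sign(m.priv, signedPayload(sessionID, m.UserID))}
}

// DisplayCode is mode 2: the device shows a code for the user to type into the session.
func (m *MobileDevice) DisplayCode(sessionID string) string { return authCode(m.Secret, sessionID) }

func main() {
	srv, alice := NewServer(), NewMobileDevice("alice")
	srv.PubKeys[alice.UserID], srv.Secrets[alice.UserID] = alice.Pub, alice.Secret // enrollment, assumed
	fmt.Println(srv.AuthenticateMode1(alice.Respond(srv.NewSession())))             // a nil error means the session is now bound to alice
}
```

The order of checks in AuthenticateMode1 mirrors the claim: the session identifier returned by the phone is matched against an issued session before the signature is examined, so a response carrying an identifier the server never generated, or a signature made for a different session or by a device enrolled for a different user, leaves the session unauthenticated. Because the signed payload includes the session identifier, a valid mode 1 response cannot be replayed to authenticate some other session.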
Abstract
A computer-readable medium embodies a computer program for authenticating a user. The computer program comprises computer-readable program code for: generating a first message including an identifier for a session, sending the first message through an interface associated with the session, receiving a response message including the identifier for the session, a user identifier, and at least a portion encrypted using a private key associated with a mobile device associated with the user, and authenticating the user in response to identifying that the response message includes at least the portion encrypted using the private key associated with the mobile device.
71 Citations
27 Claims
1. Claim 1 as set out under First Claim above. Dependent claims: 2 to 12.
13. A non-transitory computer-readable medium embodying a computer program for facilitating authentication of a user by a mobile device, the computer program comprising computer-readable program code for:
receiving, by the mobile device, through a physical interface associated with a session, a first message including a session identifier uniquely identifying the session, the session established between a server data processing system and a user data processing system, the user data processing system including the physical interface, the user data processing system separate from the mobile device;
in a first authentication mode, facilitating, by the mobile device, authentication of the user for the session identified by the unique session identifier based on generating, by the mobile device, a response message including the unique session identifier, a user identifier, and a digital signature based on a private key of the mobile device associated with the user; and
sending, by the mobile device, the response message through an interface separate from the user data processing system to a specified party to request authentication of the user for the session that is on the user data processing system and identified by the unique session identifier; and
in a second authentication mode that is different than the first authentication mode, facilitating, by the mobile device, authentication of the user for the session identified by the unique session identifier based on displaying, by the mobile device, an authentication code for entry of the authentication code into the user data processing system through the session, the entry of which via the user data processing system through the session requests authentication of the user for the session identified by the unique session identifier.
Dependent claims: 14 to 22.
23. A non-transitory computer-readable medium embodying a computer program for facilitating authentication of a user based on a mobile device by a third party data processing system, the computer program comprising computer-readable program code for:
receiving, by the third party data processing system, a request for authentication from an entity data processing system associated with an entity, the entity associated with a first session identifier uniquely identifying a session established between the entity data processing system and a user data processing system, the user data processing system including a physical interface, the user data processing system separate from the mobile device;
in a first authentication mode, facilitating, by the third party data processing system, authentication of the user for the session based on receiving, from the mobile device, a message including a second session identifier, a user identifier, and a digital signature based on a private key of the mobile device; and
in response to matching the first session identifier received from the mobile device with the second session identifier associated with the entity, sending a response message to the entity data processing system associated with the entity; and
in a second authentication mode that is different than the first authentication mode, facilitating, by the third party data processing system, authentication of the user for the session based on receiving, from the entity data processing system via the user data processing system through the session, an authentication code generated by the mobile device; and
sending a response message to the entity data processing system associated with the entity.
Dependent claims: 24 and 25.
26. A server data processing system for authenticating a user based on a mobile device, the server data processing system comprising:
at least one memory configured to store program code; at least one communication unit; and at least one processor configured to execute the program code to cause the data processing system to:
generate a first message including a first session identifier uniquely identifying a session established between the server data processing system and a user data processing system, the user data processing system including a physical interface, the user data processing system separate from the mobile device;
send, via the at least one communication unit, the first message to the user data processing system for delivery to the mobile device through the physical interface of the user data processing system;
in a first authentication mode, authenticate the user for the session based on receipt, via the at least one communication unit, of a response message including a second session identifier, a user identifier, and a digital signature based on a private key of a mobile device associated with the user, the response message being received through an interface that is separate from the user data processing system;
the first session identifier and the second session identifier matching; and
identification that the response message includes the digital signature based on the private key of the mobile device; and
in a second authentication mode that is different than the first authentication mode, authenticate the user for the session based on receipt, from the user data processing system through the session, of an authentication code generated by the mobile device.
Dependent claims: 27.
Specification